sslh – ssl/ssh multiplexer

2011年7月21日 | 分类: 乱七八糟 | 标签: ,

What is it?

sslh accepts HTTPS, SSH and OpenVPN connections on the same port. This makes it possible to connect to an SSH server or an OpenVPN on port 443 (e.g. from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.

Inspiration

This feature has already been implemented as a Perl script.

There are two problems with sslh:

  • It’s in Perl. That means it’s pretty RAM hungry, and probably not very fast.
  • It doesn’t manage privilege dropping, which is rather questionnable.

The obvious solution to both problems was to re-implement it in C, which is what this program is about.

Install me!

sslh has been packaged for DebianGentooFreeBSD and some other operating systems, so check out your favourite package repository first before installing by hand.

It should also work under Windows with Cygwin.

Mailing list

Announcements of new versions will be posted on the sslh mailing list. This list can also be used to discuss usage, request features and so on. Traffic is expected to be low (a dozen mail a year on average). It will be further split into a “discussion” list and an “announcement” list if required.

Get it!

sslh 1.8
  • Changed log format to make it possible to link connections to subsequent logs from other services.
  • Added single-threaded, select(2)-based version.
  • Added -o “OpenVPN” and OpenVPN probing and support.
  • Added support for “Bold” SSH clients (clients that speak first) Thanks to Guillaume Ricaud for spotting a regression bug.
  • Updated CentOS init.d script (Andre Krajnik).
  • Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not propagated to the child process, so we set up signals after the fork.) (François FRITZ)
  • Added -f “foreground” option.
  • Added test suite. (only tests connexions. No test for libwrap, setsid, setuid and so on) and corresponding ‘make test’ target.
  • Added README.MacOSX (thanks Aaron Madlon-Kay)
  • Documented use with proxytunnel and corkscrew in README.
sslh 1.7
  • Added CentOS init.d script (Andre Krajnik).
  • Fixed default ssl address inconsistancy, now defaults to “localhost:443” and fixed documentation accordingly (pointed by Markus Schalke).
  • Children no longer bind to the listen socket, so parent server can be stopped without killing an active child (pointed by Matthias Buecher).
  • Inetd support (Dima Barsky).
sslh 1.6
  • Added -V, version option.
  • Install target directory configurable in Makefile.
  • Changed syslog prefix in auth.log to “sslh[%pid]”
  • Man page
  • new ‘make install’ and ‘make install-debian’ targets
  • PID file now specified using -P command line option
  • Actually fixed zombie generation (the v1.5 patch got lost, doh!)
sslh 1.5
  • Added libwrap support for ssh service (Christian Weinberger)
  • Fixed zombie generation.
  • Added support scripts, Makefile.
sslh 1.3
  • Added parsing for local interface to listen on (e.g.: -p 192.168.0.3:443)
  • Changed default SSL connexion to port 442 (443 doesn’t make sense as a default as we’re already listening on 443)
  • Syslog incoming connexions
sslh 1.2
  • Fixed compilation warning for AMD64.
sslh 1.1
sslh 1.0
原文http://www.rutschle.net/tech/sslh.shtml
发表评论
目前还没有任何评论.